Remarks

Claims 1-45 are pending. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2)
of such treaty in the English language. 

1. Claims 1, 2, 4-6, 9, 10, 12-16, 18, 21, 22, 24, 39-42, and 45 are rejected under
35 U.S.C. 102(e) as being anticipated by Stewart (U.S. Patent 6,732,176). 
Regarding Claim 1, 

Stewart discloses a method of controlling access to a network 
comprising: 

Requesting an identity from a client attempting to connect to the 
network (Column 10, line 64 to Column 11, line 16);

Receiving the identity (Column 10, line 64 to Column 11, line 16); 

Associating location information with the identity (Column 11, lines 
17-53); 

Authenticating the identity (Column 9, lines 28-47; Column 12, line 
30 to Column 13, line 10; and Column 18, lines 1-25); 

Comparing the location information against a policy designating
locations, if any, at which the client is permitted to connect to the network 
(Column 11, lines 28-53 and Column 16, lines 38-64); and 

Deciding whether to grant or deny the client access to the network 
based on the authenticity of the identity and the comparison of the location 
information (Column 11, lines 28-53 and Column 15, line 16 to Column 16, 
line 64). 
Regarding Claim 39, 

Claim 39 is a system claim that corresponds to method claim 1 and 
is rejected for the same reasons. 
Regarding Claim 2, 

Stewart discloses passing the identity and the location information 
to an authentication server, wherein the authentication server performs the 
steps of authenticating, comparing and deciding (Column 10, line 64 to 
Column 11, line 16; and Column 14, lines 40-56; authentication server 
being the MIB or other device 150). 
Regarding Claim 4, 

Stewart discloses that the identity includes information selected 
from the group consisting of a user name, a user password, a certificate, a 
MAC address, a shared encryption key, a smart card identifier, and any 
combination of the foregoing information (Column 10, lines 53-63). 
Regarding Claim 40, 

Claim 40 is a system claim that corresponds to method claim 4 and
is rejected for the same reasons. 
Regarding Claim 5, 

Stewart discloses that the client is a user station capable of 
connecting to the network through an access point (Column 10, line 64 to 
Column 11, line 16). 
Regarding Claim 41, 

Claim 41 is a system claim that corresponds to method claim 5 and 
is rejected for the same reasons.
Regarding Claim 6, 

Stewart discloses that the client is a wired device capable of 
connecting to the network through an Ethernet switch port (Column 5, 
lines 2-24; Column 6, lines 40-59; and Column 9, lines 48-64). 
Regarding Claim 42, 

Claim 42 is a system claim that corresponds to method claim 6 and 
is rejected for the same reasons. 
Regarding Claim 9, 

Stewart discloses that the location information indicates the location 
of an edge device for connecting the client to the network (Column 10, line
64 to Column 11, line 16). 
Regarding Claim 45, 

Claim 45 is a system claim that corresponds to method claim 9 and
is rejected for the same reasons. 
Regarding Claim 10, 

Stewart discloses a network system comprising: 

An authenticator for requesting an identity from a client and for
associating location information with the identity (Column 10, line 64 to 
Column 11, line 16); and 

An authentication server, receiving the identity and associated 
location information from the authenticator, for deciding whether to grant 
or deny the client access to the network based on the identity and the 
location information (Column 9, lines 28-47; Column 12, line 30 to Column 
13, line 10; Column 14, lines 40-56; Column 16, lines 38-55; and Column 
18, lines 1-25). 
Regarding Claim 12, 

Stewart discloses that the authenticator resides in an edge device 
(Column 10, line 64 to Column 11, line 16).
Regarding Claim 13, 

Stewart discloses an edge device for connecting a user station to a 
network switch (Figures 2-3). 
Regarding Claim 14, 

Stewart discloses that the edge device is a wireless access point 
(Column 10, line 64 to Column 11, line 16).
Regarding Claim 15,

Stewart discloses that the user station is a wireless device capable 
of connecting to the network through the access point (Column 5, lines 1-14;
and Column 10, line 64 to Column 11, line 16).
Regarding Claim 16, 

Stewart discloses that the client is a wired device capable of 
connecting to a network switch through an Ethernet port (Column 5, lines 
2-24; Column 6, lines 40-59; and Column 9, lines 48-64). 
Regarding Claim 18, 

Stewart discloses that the location information indicates the location 
of an edge device for connecting the client to the network (Column 10, line 
64 to Column 11, line 16). 
Regarding Claim 21,

Stewart discloses that the authentication server authenticates the 
identity (Column 9, lines 28-47; Column 12, line 30 to Column 13, line 10; 
Column 14, lines 40-56; Column 16, lines 38-55; and Column 18, lines 1- 
25). 

Regarding Claim 22, 

Stewart discloses that the authentication server includes a policy 
designating locations, if any, at which the client is permitted to connect to 
the network (Column 11, lines 28-53 and Column 16, lines 38-64).

Regarding Claim 24, 

Stewart discloses that the identity includes information selected
from the group consisting of a user name, a user password, a certificate, a 
MAC address, a shared key, a smart card identifier, and any combination 
of the foregoing information (Column 10, lines 53-63). 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 3, 11, 20, 23, 27-29, 31, and 33-37 are rejected under 35 U.S.C. 103(a)
as being unpatentable over Stewart in view of Kwan (U.S. Patent Application 
Publication 2004/0255154). 
Regarding Claim 3, 

Stewart does not explicitly disclose that the authentication server is 
a RADIUS server. 

Kwan, however, discloses that the authentication server is a 
RADIUS server (Paragraph 57). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate
the multi-tiered network security system of Kwan into the distributed
network access system of Stewart in order to ensure that a client and its
associated user are authentic and authorized to use the system by three
levels of security checks, including physical address authentication of the
device, user credential authentication, and VLAN group association 
checks, thereby increasing security of the system. 
Regarding Claim 11, 

Stewart does not explicitly disclose that the authenticator resides in 
a network switch. 

Kwan, however, discloses that the authenticator resides in a 
network switch (Paragraph 56). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the multi-tiered network security system of Kwan into the distributed 
network access system of Stewart in order to ensure that a client and its
associated user are authentic and authorized to use the system by three 
levels of security checks, including physical address authentication of the 
device, user credential authentication, and VLAN group association 
checks, thereby increasing security of the system. 
Regarding Claim 20, 

Stewart does not explicitly disclose that the authentication server is 
included in a network switch. 

Kwan, however, discloses that the authentication server is included 
in a network switch (Paragraph 36). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the multi-tiered network security system of Kwan into the distributed 
network access system of Stewart in order to ensure that a client and its
associated user are authentic and authorized to use the system by three 
levels of security checks, including physical address authentication of the 
device, user credential authentication, and VLAN group association 
checks, thereby increasing security of the system. 
Regarding Claim 23, 

Stewart does not explicitly disclose that the authentication server is 
a RADIUS server. 

Kwan, however, discloses that the authentication server is a 
RADIUS server (Paragraph 57). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the multi-tiered network security system of Kwan into the distributed 
network access system of Stewart in order to ensure that a client and its
associated user are authentic and authorized to use the system by three 
levels of security checks, including physical address authentication of the 
device, user credential authentication, and VLAN group association 
checks, thereby increasing security of the system. 
Regarding Claim 27, 

Stewart discloses a system comprising: 

A plurality of edge devices capable of communicating with a 
plurality of user stations over one or more wireless channels (Column 10, 
line 64 to Column 11, line 16);

A network switch including a plurality of ports for connecting the
edge devices to a network (Figures 2-3; and Column 9, lines 52-64);

An application for requesting station identities from the user 
stations and for associating location information with each of the station 
identities (Column 10, line 64 to Column 11, line 53);

An authentication server for deciding whether to grant or deny each 
of the user stations access to the network based on the corresponding 
identity and location information (Column 9, lines 28-47; Column 12, line 
30 to Column 13, line 10; Column 14, lines 40-56; Column 16, lines 38-55; 
and Column 18, lines 1-25); 

But does not explicitly disclose that the application is run on the 
network switch. 

Kwan, however, discloses an application running on the network 
switch, for requesting station identities from the user stations (Paragraph 
56). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the multi-tiered network 
security system of Kwan into the distributed network access system of 
Stewart in order to ensure that a client and its associated user are
authentic and authorized to use the system by three levels of security 
checks, including physical address authentication of the device, user 
credential authentication, and VLAN group association checks, thereby 
increasing security of the system. 
Regarding Claim 28,

Stewart as modified by Kwan discloses the system of claim 27, in 
addition, Stewart discloses that at least one of the edge devices is a 
wireless access point (Column 10, line 64 to Column 11, line 16). 
Regarding Claim 29, 

Stewart as modified by Kwan discloses the system of claim 27, in 
addition, Kwan discloses a user station that is a wired device for directly 
connecting one of the ports of the network switch (Figure 1; and
Paragraph 35). 
Regarding Claim 31, 

Stewart as modified by Kwan discloses the system of claim 27, in 
addition, Stewart discloses that the location information indicates the 
location of one of the edge devices (Column 10, line 64 to Column 11, line
16). 

Regarding Claim 33, 

Stewart as modified by Kwan discloses the system of claim 27, in 
addition, Kwan discloses that the network switch includes an authenticator 
for authenticating the station identities (Paragraph 56). 
Regarding Claim 34, 

Stewart as modified by Kwan discloses the system of claim 27, in 
addition, Stewart discloses that the authentication server authenticates the 
station identities (Column 9, lines 28-47; Column 12, line 30 to Column 13, 
line 10; Column 14, lines 40-56; Column 16, lines 38-55; and Column 18,
lines 1-25). 
Regarding Claim 35, 

Stewart as modified by Kwan discloses the system of claim 27, in 
addition, Stewart discloses that the authentication server includes a policy 
designating locations, if any, at which the user stations are permitted to 
connect to the network (Column 11, lines 28-53 and Column 16, lines 38-
64). 

Regarding Claim 36, 

Stewart as modified by Kwan discloses the system of claim 27, in 
addition, Kwan discloses that the authentication server is a RADIUS 
server (Paragraph 57). 

Regarding Claim 37, 

Stewart as modified by Kwan discloses the system of claim 27, in 
addition, Stewart discloses that the station identities include information
selected from the group consisting of a user name, a user password, a 
certificate, a MAC address, a shared key, a smart card identifier, and any 
combination of the foregoing information (Column 10, lines 53-63). 



3. Claims 7, 19, 25, 26, and 43 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Stewart in view of Lor (U.S. Patent Application Publication 
2004/0068668). 
Regarding Claim 7,

Stewart does not explicitly disclose using a mechanism selected 
from the group consisting of TLS, TTLS, MD5, EAP-TTLS, EAP-TLS, and 
any combination of the foregoing to authenticate the identity. 

Lor, however, discloses using a mechanism selected from the 
group consisting of TLS, TTLS, MD5, EAP-TTLS, EAP-TLS, and any 
combination of the foregoing to authenticate the identity (Paragraphs 42- 
44). It would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the wireless LAN switching 
system of Lor into the distributed network access system of Stewart in 
order to provide additional levels of access control, authentication, and 
authorization, such that access may be controlled by client identity, time, 
location, and application and/or to provide ease in re-association when a 
client moves from one location to another. 
Regarding Claim 43, 

Claim 43 is a system claim that corresponds to method claim 7 and 
is rejected for the same reasons. 
Regarding Claim 19, 

Stewart does not explicitly disclose an interface for permitting an 
administrator to associate the location information to the edge device. 

Lor, however, discloses an interface for permitting an administrator 
to associate the location information to the edge device (Paragraphs 54- 
55 and 99-104). It would have been obvious to one of ordinary skill in the
art at the time of applicant's invention to incorporate the wireless LAN 
switching system of Lor into the distributed network access system of 
Stewart in order to provide additional levels of access control, 
authentication, and authorization, such that access may be controlled by 
client identity, time, location, and application and/or to provide ease in re- 
association when a client moves from one location to another. 

Regarding Claim 25, 

Stewart does not explicitly disclose a network switch that comprises 
an authentication mechanism selected from the group consisting of TLS, 
TTLS, MD5, EAP-TTLS, EAP-TLS, and any combination of the foregoing. 

Lor, however, discloses a network switch that comprises an 
authentication mechanism selected from the group consisting of TLS, 
TTLS, MD5, EAP-TTLS, EAP-TLS, and any combination of the foregoing 
(Paragraphs 42-44). It would have been obvious to one of ordinary skill in 
the art at the time of applicant's invention to incorporate the wireless LAN 
switching system of Lor into the distributed network access system of 
Stewart in order to provide additional levels of access control, 
authentication, and authorization, such that access may be controlled by 
client identity, time, location, and application and/or to provide ease in re- 
association when a client moves from one location to another. 

Regarding Claim 26, 

Stewart does not explicitly disclose that the authentication server
comprises an authentication mechanism selected from the group 
consisting of TLS, TTLS, MD5, EAP-TTLS, EAP-TLS, and any 
combination of the foregoing. 

Lor, however, discloses that the authentication server comprises an 
authentication mechanism selected from the group consisting of TLS, 
TTLS, MD5, EAP-TTLS, EAP-TLS, and any combination of the foregoing 
(Paragraphs 42-44). It would have been obvious to one of ordinary skill in 
the art at the time of applicant's invention to incorporate the wireless LAN
switching system of Lor into the distributed network access system of
Stewart in order to provide additional levels of access control,
authentication, and authorization, such that access may be controlled by
client identity, time, location, and application and/or to provide ease in re-
association when a client moves from one location to another. 



4. Claims 8, 17, and 44 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Stewart in view of Liming (U.S. Patent Application Publication 2002/0055924).
Regarding Claim 8, 

Stewart does not explicitly disclose that the location information 
indicates the location of a network switch to which the client is attempting 
to connect. 

Liming, however, discloses that the location information indicates
the location of a network switch to which the client is attempting to connect 
(Paragraph 159). It would have been obvious to one of ordinary skill in the 
art at the time of applicant's invention to incorporate the location context 
system of Liming into the distributed network access system of Stewart in 
order to allow the system to associate location information with the client 
even when the other devices cannot provide such location information, 
thereby extending the system to be able to be used when the client 
connects directly to a switch and/or when the other devices between the 
client and switch do not have any means to associate location information 
with the client. 
Regarding Claim 44, 

Claim 44 is a system claim that corresponds to method claim 8 and 
is rejected for the same reasons. 
Regarding Claim 17, 

Stewart does not explicitly disclose that the location information 
indicates the location of a network switch to which the client is attempting 
to connect. 

Liming, however, discloses that the location information indicates 
the location of a network switch to which the client is attempting to connect 
(Paragraph 159). It would have been obvious to one of ordinary skill in the 
art at the time of applicant's invention to incorporate the location context 
system of Liming into the distributed network access system of Stewart in
order to allow the system to associate location information with the client 
even when the other devices cannot provide such location information, 
thereby extending the system to be able to be used when the client 
connects directly to a switch and/or when the other devices between the 
client and switch do not have any means to associate location information
with the client. 

5. Claim 30 is rejected under 35 U.S.C. 103(a) as being unpatentable over Stewart
in view of Kwan, further in view of Liming.

Stewart as modified by Kwan does not explicitly disclose that the location 
information indicates the location of the network switch. 

Liming, however, discloses that the location information indicates the
location of the network switch (Paragraph 159). It would have been obvious to
one of ordinary skill in the art at the time of applicant's invention to incorporate
the location context system of Liming into the distributed network access system
of Stewart in order to allow the system to associate location information with the
client even when the other devices cannot provide such location information,
thereby extending the system to be able to be used when the client connects 
directly to a switch and/or when the other devices between the client and switch 
do not have any means to associate location information with the client. 

6. Claims 32 and 38 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Stewart in view of Kwan, further in view of Lor. 
Regarding Claim 32, 

Stewart as modified by Kwan does not explicitly disclose that the 
network switch includes an interface for permitting an administrator to 
associate the location information to the edge devices. 

Lor, however, discloses that the network switch includes an 
interface for permitting an administrator to associate the location 
information to the edge devices (Paragraphs 54-55 and 99-104). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the wireless LAN switching system of 
Lor into the distributed network access system of Stewart in order to 
provide additional levels of access control, authentication, and 
authorization, such that access may be controlled by client identity, time, 
location, and application and/or to provide ease in re-association when a 
client moves from one location to another. 
Regarding Claim 38, 

Stewart as modified by Kwan does not explicitly disclose an 
authentication mechanism selected from the group consisting of TLS, 
TTLS, MD5, EAP-TTLS, EAP-TLS, and any combination of the foregoing. 

Lor, however, discloses an authentication mechanism selected 
from the group consisting of TLS, TTLS, MD5, EAP-TTLS, EAP-TLS, and 
any combination of the foregoing (Paragraphs 42-44). It would have been
obvious to one of ordinary skill in the art at the time of applicant's invention 
to incorporate the wireless LAN switching system of Lor into the 
distributed network access system of Stewart as modified by Kwan in 
order to provide additional levels of access control, authentication, and 
authorization, such that access may be controlled by client identity, time, 
location, and application and/or to provide ease in re-association when a 
client moves from one location to another. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JEFFREY D. POPHAM whose telephone number is 
(571)272-7215. The examiner can normally be reached on M-F 9:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571)272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 